SYSTEM VULNERABILITIES, THREATS, AND COUNTERMEASURES

System threats, vulnerabilities, and countermeasures describe security architecture and design vulnerabilities, as well as the corresponding exploits that may compromise system security.

We will discuss countermeasures, or the mitigating actions of that to reduce the associated risk.

COVERT CHANNELS

A covert channel is any communication that violates security policy. The communication channel used by the malware installed on a system that locates personally identifiable information (PII) such as the credit card information and sends it to a malicious server is an example of the covert channel.

Two specific types of covert channels are the storage channels and timing channels.

BACKDOORS

A backdoor is a shortcut in a system that allows a user to bypass the security checks, such as username/password authentication, to log in.

Attackers will often install a backdoor after compromising a system.

Maintenance hooks are types of backdoor; they are the shortcuts installed by a system designers and programmers to allow developers to bypass the normal system checks during the development, such as requiring users to authenticate.